auth.user() returns user data without valid session in storage

[wireless25]

Bug report

Describe the bug

auth.user() returns the user after clearing storage/cache. When the page is refreshed, the user is logged out correctly, but with no page refresh, during client-side routing, the call still returns the user.

If this is intended behavior, I would be interested in more information, how to handle auth with supabase in a SPA. Especially in a PWA which is installed on a device, the page reloads are not frequent, so the user would still be returned, even without a valid session/token.

To Reproduce

1. Clone the supabase repo (https://github.com/supabase/supabase)
2. Run the JS auth example in the examples/javascript-auth folder
3. Sign-up with an email and a password
4. Click the Fetch button => user is shown in the alert
5. Open Dev Tools and Clear site data in the Application tab > Storage
6. Click the Fetch button again. The user is still shown in the alert
7. Check the localStorage, its empty

Expected behavior

When no session/user is saved in localStorage, the call to auth.user() should return null

System information

• OS: macOS
• Browser: chrome, safari, firefox
• Version of supabase-js: 1.22.6
• Version of Node.js: 16.9.1

[IBakeCookies]

Any progress on this?

[hf]

I believe this has been recently addressed. Please use the latest v2 library.